Thursday, June 08, 2006

Tracking Exploits

I received a link to this press release today. Unlike many press releases, this one contained interesting news. It reported that a new security company called Exploit Prevention Labs (XPL) just released their first Exploit Prevalence Survey™, which ranks five client-side exploits used to compromise Web surfers. This seems similar to US-CERT Current Activity, although that report jumbles together many different news items and doesn't name specific exploits. According to the press release:

The results of the monthly Exploit Prevalence Survey are derived from automated reports by users of Exploit Prevention Labs’ SocketShield anti-exploit software (free trial download at http://www.explabs.com), who have agreed to have their SocketShield installations report all suspected exploit attempts back to the researchers at Exploit Prevention Labs.

This reminds me of Microsoft's Strider HoneyMonkey project, which uses bots to crawl the Web looking for malicious sites. XPL instead relies on real users visiting the same sites.

In any case, I look forward to the next report from XPL and I hope they apply some sort of rigor to their analysis. I wonder if the sites they visit ever end up in one of the popular blacklists? Also, where do you download exploits as they are released, now that FrSIRT VNS costs money?

3 comments:

Anonymous said...

packetstorm and milw0rm. Sometimes security focus.

Anonymous said...

secwatch too

Dominic White said...

There is also freedom.net and security.nnov. I have an aggregator of exploit clearing houses at http://singe.rucus.net/planet/exploits/. I need to update it with some of the newer ones.